By 2020, the amount of data gathered will be around 40 zettabytes (ZB), and by 2025, it’s predicted to reach 180ZB. This information blizzard means that it’s hard to keep track of what data you own, where it is stored, and who processes it. Keeping a check on our data and how it is processed is the need of the hour. Luckily, GDPR comes to our privacy rescue.

The General Data Protection Regulation (GDPR) is knocking on your door, and with little time to spare, you need to make sure that you are well prepared for this major change in the data privacy scenario. The core idea is to make privacy a fundamental right, and that comes with some deep-seated changes that organizations must make to manage their customers’ data. No matter what, the GDPR requires organizations to respect and protect personal data, and NetApp® SaaS Backup (formerly Cloud Control) helps you accelerate the journey toward GDPR.


The GDPR doesn’t just apply to organizations in the EU. The deciding criterion is that the organization deals with EU citizens. Organizations are intimidated by the penalties that the GDPR levies and by the damage to brand and reputation that can occur in tandem.


GDPR may be a four-letter word, but it encompasses 99 detailed articles that might be hard for a layman to process. The abridged GDPR is described here so that you can have some touchpoints to check your compliance.

  • More rights to individuals. Individuals have the right to access, correct, erase, export, and object to the processing of their personal data.
  • Transparent policies. Companies must provide clear notice for collection of data, stating the purpose and use cases, and they must provide well-defined data retention and deletion policies.
  • Controls and notification. Companies must provide appropriate security for personal data, notify authorities about breaches, and keep records that describe data processing.
  • IT and training. Companies must provide proper training for personnel and employees, periodically audit and update data policies, and employ a data protection officer (wherever applicable).

To simplify compliance, here is the path for reaching the final GDPR destination.

Don’t wait until GDPR enforcement on May 25 to start your preparations. Undergo a gap analysis by mapping the existing data collection, and then create a remediation plan. Reassess cross-border transfers, and make sure to revisit the contacts with the suppliers and vendors to ensure compliance with the GDPR. It will be crucial for CIO, CTO, or IT managers to review the process pertaining to data security, confidentiality, and availability.


NetApp is committed to complying with the GDPR and helping our customers do so, too. Here is how NetApp SaaS Backup helps you accelerate the journey toward GDPR.


Under Article 32 of the GDPR, controllers and processors are required to “implement appropriate technical and organizational measures” considering “the state of the art and the costs of implementation” and “the nature, scope, context, and purposes of the processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.”

  • Consistent backup. A cloud-ready backup service is a backing for The GDPR doesn’t have a firewall against data loss, but creating consistent backup service will save the day.
  • Storage location. Where does your data stay? With SaaS Backup, the choice is yours.
  • Encrypted backups. The GDPR urges you to render the data unintelligible to anyone who is not authorized to access it; encryption is one such method.
  • Disaster recovery. Most companies think they will achieve compliance by streamlining core processes, but they often overlook several key areas, such as disaster recovery. The GDPR emphasizes the ability to restore the availability of and access to personal data in a timely manner if a physical or technical incident occurs.
  • Data processors as data protectors. Because you are outsourcing your data to NetApp for backup and restore, we become your “data processor.” As data processors, we are obligated to provide “sufficient guarantees to implement appropriate technical and organizational measures” to meet the GDPR’s requirements and protect data subjects’ rights. NetApp also adheres to the code of conduct for data processors and controllers that are illustrated in Article 40 of the GDPR.
  • “Right to be forgotten and erasure” viably granted. The request for data deletion or erasure is processed as required, without undue delays and without incurring any cost to the customer. This processing includes erasing all your personal data files, records in our database, and even the replicated copies.
  • Data evacuation policy. You need not be concerned about lock-ins when you want to migrate your data. SaaS Backup gives us the freedom to download your backup in a supported version, such as a ZIP file for Microsoft OneDrive and a PST file for your Outlook mail.

The clock is ticking. Comply with the GDPR for continued public trust and confidence. Visit the SaaS Backup page to learn more about the product and start a free trial.

Shraddha Agarwala

Shraddha Agarwala is an Information Security Engineer with Cloud Business Unit at Netapp. Her focus areas include security testing and validation for NetApp's SaaS backup portfolio. She is passionate about information security and likes to evangelize the importance of securing information and related best practices.